fix: delete currently connected user

Author: fmenezes

src/common/utils.ts

@@ -1,6 +1,8 @@
 export enum ErrorCodes {
     NotConnectedToMongoDB = 1_000_000,
     InvalidParams = 1_000_001,
+    CloseServiceProvider = 1_000_007,
+    DeleteDatabaseUser = 1_000_008,
 }
 
 export class MongoDBError extends Error {

src/errors.ts

@@ -1,6 +1,9 @@
 import { NodeDriverServiceProvider } from "@mongosh/service-provider-node-driver";
 import { ApiClient, ApiClientCredentials } from "./common/atlas/apiClient.js";
 import { Implementation } from "@modelcontextprotocol/sdk/types.js";
+import logger from "./logger.js";
+import { mongoLogId } from "mongodb-log-writer";
+import { ErrorCodes } from "./errors.js";
 
 export interface SessionOptions {
     apiBaseUrl?: string;
@@ -16,6 +19,12 @@ export class Session {
         name: string;
         version: string;
     };
+    connectedAtlasCluster?: {
+        username: string;
+        projectId: string;
+        clusterName: string;
+        expiryDate: Date;
+    };
 
     constructor({ apiBaseUrl, apiClientId, apiClientSecret }: SessionOptions = {}) {
         const credentials: ApiClientCredentials | undefined =
@@ -41,14 +50,46 @@ export class Session {
         }
     }
 
-    async close(): Promise<void> {
+    async disconnect() {
         if (this.serviceProvider) {
             try {
                 await this.serviceProvider.close(true);
-            } catch (error) {
-                console.error("Error closing service provider:", error);
+            } catch (err: unknown) {
+                const error = err instanceof Error ? err : new Error(String(err));
+                logger.error(
+                    mongoLogId(ErrorCodes.CloseServiceProvider),
+                    "Error closing service provider:",
+                    error.message
+                );
             }
             this.serviceProvider = undefined;
         }
+        if (!this.connectedAtlasCluster) {
+            return;
+        }
+        try {
+            await this.apiClient.deleteDatabaseUser({
+                params: {
+                    path: {
+                        groupId: this.connectedAtlasCluster.projectId,
+                        username: this.connectedAtlasCluster.username,
+                        databaseName: "admin",
+                    },
+                },
+            });
+        } catch (err: unknown) {
+            const error = err instanceof Error ? err : new Error(String(err));
+
+            logger.error(
+                mongoLogId(ErrorCodes.DeleteDatabaseUser),
+                "atlas-connect-cluster",
+                `Error deleting previous database user: ${error.message}`
+            );
+        }
+        this.connectedAtlasCluster = undefined;
+    }
+
+    async close(): Promise<void> {
+        await this.disconnect();
     }
 }

src/session.ts

@@ -2,11 +2,17 @@ import { z } from "zod";
 import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { AtlasToolBase } from "../atlasTool.js";
 import { ToolArgs, OperationType } from "../../tool.js";
-import { sleep } from "../../../common/utils.js";
+import { randomBytes } from "crypto";
+import { promisify } from "util";
 
-function generateSecurePassword(): string {
-    // TODO: use a better password generator
-    return `pwdMcp${Math.floor(Math.random() * 100000)}`;
+const EXPIRY_MS = 1000 * 60 * 60 * 12; // 12 hours
+
+const randomBytesAsync = promisify(randomBytes);
+
+async function generateSecurePassword(): Promise<string> {
+    const buf = await randomBytesAsync(16);
+    const pass = buf.toString("base64url");
+    return pass;
 }
 
 export class ConnectClusterTool extends AtlasToolBase {
@@ -19,6 +25,8 @@ export class ConnectClusterTool extends AtlasToolBase {
     };
 
     protected async execute({ projectId, clusterName }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
+        await this.session.disconnect();
+
         const cluster = await this.session.apiClient.getCluster({
             params: {
                 path: {
@@ -32,15 +40,16 @@ export class ConnectClusterTool extends AtlasToolBase {
             throw new Error("Cluster not found");
         }
 
-        if (!cluster.connectionStrings?.standardSrv || !cluster.connectionStrings?.standard) {
+        const baseConnectionString = cluster.connectionStrings?.standardSrv || cluster.connectionStrings?.standard;
+
+        if (!baseConnectionString) {
             throw new Error("Connection string not available");
         }
 
         const username = `usrMcp${Math.floor(Math.random() * 100000)}`;
-        const password = generateSecurePassword();
+        const password = await generateSecurePassword();
 
-        const expiryMs = 1000 * 60 * 60 * 12; // 12 hours
-        const expiryDate = new Date(Date.now() + expiryMs);
+        const expiryDate = new Date(Date.now() + EXPIRY_MS);
 
         await this.session.apiClient.createDatabaseUser({
             params: {
@@ -68,19 +77,18 @@ export class ConnectClusterTool extends AtlasToolBase {
             },
         });
 
-        void sleep(expiryMs).then(async () => {
-            // disconnect after 12 hours
-            if (this.session.serviceProvider) {
-                await this.session.serviceProvider.close(true);
-                this.session.serviceProvider = undefined;
-            }
-        });
+        this.session.connectedAtlasCluster = {
+            username,
+            projectId,
+            clusterName,
+            expiryDate,
+        };
 
-        const connectionString =
-            (cluster.connectionStrings.standardSrv || cluster.connectionStrings.standard || "").replace(
-                "://",
-                `://${username}:${password}@`
-            ) + `?authSource=admin`;
+        const cn = new URL(baseConnectionString);
+        cn.username = username;
+        cn.password = password;
+        cn.searchParams.set("authSource", "admin");
+        const connectionString = cn.toString();
 
         await this.connectToMongoDB(connectionString);
 

src/tools/atlas/metadata/connectCluster.ts

@@ -2,14 +2,17 @@ import { Session } from "../../../../src/session.js";
 import { expectDefined } from "../../helpers.js";
 import { describeWithAtlas, withProject, randomId } from "./atlasHelpers.js";
 import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
-import { sleep } from "../../../../src/common/utils.js";
+
+function sleep(ms: number) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
 
 async function deleteAndWaitCluster(session: Session, projectId: string, clusterName: string) {
     await session.apiClient.deleteCluster({
         params: {
             path: {
                 groupId: projectId,
-                clusterName: clusterName,
+                clusterName,
             },
         },
     });
@@ -19,7 +22,7 @@ async function deleteAndWaitCluster(session: Session, projectId: string, cluster
                 params: {
                     path: {
                         groupId: projectId,
-                        clusterName: clusterName,
+                        clusterName,
                     },
                 },
             });
@@ -36,7 +39,7 @@ async function waitClusterState(session: Session, projectId: string, clusterName
             params: {
                 path: {
                     groupId: projectId,
-                    clusterName: clusterName,
+                    clusterName,
                 },
             },
         });